authorjsing <>2021-03-24 18:44:00 +0000
committerjsing <>2021-03-24 18:44:00 +0000
commitae1702cd90dfc51fd5483baea6488cd99ac9c26b (patch)
tree4ba7ed86321d6c92257c882bce631aa4a7f603b8 /src/lib/libssl/ssl_clnt.c
parent3ce9712d99b47c9a9db840f6cf8cc970a5f841dd (diff)
Rename new_cipher to cipher.
This is in the SSL_HANDSHAKE struct and is what we're currently negotiating, so there is really nothing more "new" about the cipher than there is the key block or other parts of the handshake data. ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_clnt.c')
-rw-r--r--src/lib/libssl/ssl_clnt.c28
1 files changed, 14 insertions, 14 deletions
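diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 0f602bef7e..984ade0957 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.87 2021/03/24 18:40:03 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.88 2021/03/24 18:44:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -343,7 +343,7 @@ ssl3_connect(SSL *s)
  break;
  }
  /* Check if it is anon DH/ECDH. */
- if (!(S3I(s)->hs.new_cipher->algorithm_auth &
+ if (!(S3I(s)->hs.cipher->algorithm_auth &
  SSL_aNULL)) {
  ret = ssl3_get_server_certificate(s);
  if (ret <= 0)
@@ -477,7 +477,7 @@ ssl3_connect(SSL *s)
  S3I(s)->hs.state = SSL3_ST_CW_FINISHED_A;
  s->internal->init_num = 0;
 
- s->session->cipher = S3I(s)->hs.new_cipher;
+ s->session->cipher = S3I(s)->hs.cipher;
  if (!tls1_setup_key_block(s)) {
  ret = -1;
  goto end;
@@ -1054,7 +1054,7 @@ ssl3_get_server_hello(SSL *s)
  SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
  goto fatal_err;
  }
- S3I(s)->hs.new_cipher = cipher;
+ S3I(s)->hs.cipher = cipher;
 
  if (!tls1_transcript_hash_init(s))
  goto err;
@@ -1063,7 +1063,7 @@ ssl3_get_server_hello(SSL *s)
  * Don't digest cached records if no sigalgs: we may need them for
  * client authentication.
  */
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
  if (!(SSL_USE_SIGALGS(s) || (alg_k & SSL_kGOST)))
  tls1_transcript_free(s);
 
@@ -1276,7 +1276,7 @@ ssl3_get_server_kex_dhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
  long alg_a;
  int al;
 
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
  sc = SSI(s)->sess_cert;
 
  if ((dh = DH_new()) == NULL) {
@@ -1404,7 +1404,7 @@ ssl3_get_server_kex_ecdhe(SSL *s, EVP_PKEY **pkey, CBS *cbs)
  int nid;
  int al;
 
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
  sc = SSI(s)->sess_cert;
 
  /* Only named curves are supported. */
@@ -1483,8 +1483,8 @@ ssl3_get_server_key_exchange(SSL *s)
 
  EVP_MD_CTX_init(&md_ctx);
 
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
 
  /*
  * Use same message size as in ssl3_get_certificate_request()
@@ -1682,7 +1682,7 @@ ssl3_get_certificate_request(SSL *s)
  }
 
  /* TLS does not like anon-DH with client cert */
- if (S3I(s)->hs.new_cipher->algorithm_auth & SSL_aNULL) {
+ if (S3I(s)->hs.cipher->algorithm_auth & SSL_aNULL) {
  ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
  SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
  goto err;
@@ -2251,7 +2251,7 @@ ssl3_send_client_kex_gost(SSL *s, SESS_CERT *sess_cert, CBB *cbb)
  }
 
  /* XXX check handshake hash instead. */
- if (S3I(s)->hs.new_cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
+ if (S3I(s)->hs.cipher->algorithm2 & SSL_HANDSHAKE_MAC_GOST94)
  nid = NID_id_GostR3411_94;
  else
  nid = NID_id_tc26_gost3411_2012_256;
@@ -2314,7 +2314,7 @@ ssl3_send_client_key_exchange(SSL *s)
  memset(&cbb, 0, sizeof(cbb));
 
  if (S3I(s)->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
 
  if ((sess_cert = SSI(s)->sess_cert) == NULL) {
  ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2726,8 +2726,8 @@ ssl3_check_cert_and_algorithm(SSL *s)
  SESS_CERT *sc;
  DH *dh;
 
- alg_k = S3I(s)->hs.new_cipher->algorithm_mkey;
- alg_a = S3I(s)->hs.new_cipher->algorithm_auth;
+ alg_k = S3I(s)->hs.cipher->algorithm_mkey;
+ alg_a = S3I(s)->hs.cipher->algorithm_auth;
 
  /* We don't have a certificate. */
  if (alg_a & SSL_aNULL)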